Why I have to call 'exit' after redirection through header('Location..') in PHP?


Problem description

You know that if you want to redirect a user in PHP you can use the header function:

header('Location: http://smowhere.com');

It is also well known that it is a good practice to put also an exit; after the header call, to prevent execution of other php code. So my question is: could the code after the header-location call be effectively executed? In which cases? Can a malicious user be able to completely ignore the header('Location..') call? How?

Solution

could the code after the header-location call be effectively executed?

Yes, always. The header is only a line of data asking the browser to redirect. The rest of the page will still be served by PHP and can be looked at by the client by simply preventing the header command from executing.

That is easy enough to do with a command-line client like wget, for example, by simply telling it not to follow redirects.

Bottom line: If you don't prevent it, PHP will send out the whole body even after a header call. That body is fully available to the recipient without any special hacking skills.
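
The behaviour described in the answer, as an added example that is not code from the question or the answer: one page script showing the redirect without `exit` next to the hardened form. The `mode` switch, the `user_id` session key, `/login.php` and the log file name are assumptions made up for this demonstration.

```php
<?php
// redirect_demo.php: added illustration, not code from the original page.
// Serve it locally with PHP's built-in web server:
//   php -S 127.0.0.1:8000 redirect_demo.php

session_start();

// Hypothetical session key; on a fresh session nobody is logged in.
$loggedIn = !empty($_SESSION['user_id']);

// Demo switch only, so both forms can be compared. A real page has no such parameter.
$mode = $_GET['mode'] ?? 'fixed';

if (!$loggedIn) {
    // header() only queues a "Location:" line for the response.
    // It does not stop the script.
    header('Location: /login.php', true, 302);

    if ($mode === 'fixed') {
        // Hardened form: terminate here, so no protected code runs
        // and the response carries no body.
        exit;
    }
    // "broken" form: no exit, execution falls through to the code below.
}

// Protected section. In the broken form both the side effect and the output
// below happen for unauthenticated requests, whether or not the client
// follows the redirect.
file_put_contents(
    sys_get_temp_dir() . '/redirect_demo.log',   // constructed log path
    date('c') . ' protected code ran, loggedIn=' . var_export($loggedIn, true) . "\n",
    FILE_APPEND
);

echo "Constructed placeholder for data only a logged-in user should see.\n";
```

To check a real page, request it unauthenticated with a client that does not follow redirects, as the answer describes, and confirm that the redirect response has an empty body and that nothing was written by the code after the guard.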
